CloudSploit by Aqua is an open-source initiative aimed at enabling the identification of security vulnerabilities in cloud infrastructure accounts. It supports various cloud platforms, including Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), Oracle Cloud Infrastructure (OCI), and GitHub. These scripts provide insights into potential misconfigurations and security risks within these cloud environments.
Installation
Credential Files
If you use the credential_file option, point it to a file in your file system that follows the correct format for the cloud you are using.
AWS
{
  "accessKeyId": "YOURACCESSKEY",
  "secretAccessKey": "YOURSECRETKEY"
}
Azure
{
  "ApplicationID": "YOURAZUREAPPLICATIONID",
  "KeyValue": "YOURAZUREKEYVALUE",
  "DirectoryID": "YOURAZUREDIRECTORYID",
  "SubscriptionID": "YOURAZURESUBSCRIPTIONID"
}
GCP
For GCP, you generate a JSON file directly from the GCP console, which you should not edit.
{
  "type": "service_account",
  "project": "GCPPROJECTNAME",
  "client_email": "GCPCLIENTEMAIL",
  "private_key": "GCPPRIVATEKEY"
}
Oracle OCI
{
  "tenancyId": "YOURORACLETENANCYID",
  "compartmentId": "YOURORACLECOMPARTMENTID",
  "userId": "YOURORACLEUSERID",
  "keyFingerprint": "YOURORACLEKEYFINGERPRINT",
  "keyValue": "YOURORACLEKEYVALUE"
}
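One way to check a credential file before passing it to the credential_file option, as an added example that is not CloudSploit's own code. The function name checkCredentialFile, the placeholder pattern and the 600 mode requirement are assumptions of this example; the key lists copy the templates above.

```javascript
// Added example, not CloudSploit code. Key lists copy the templates on this page.
const REQUIRED_KEYS = {
  aws: ['accessKeyId', 'secretAccessKey'],
  azure: ['ApplicationID', 'KeyValue', 'DirectoryID', 'SubscriptionID'],
  gcp: ['type', 'project', 'client_email', 'private_key'],
  oracle: ['tenancyId', 'compartmentId', 'userId', 'keyFingerprint', 'keyValue'],
};

// Unedited template values look like YOURACCESSKEY or GCPPROJECTNAME (assumed pattern).
const PLACEHOLDER = /^(YOUR|GCP)[A-Z]+$/;

// cloud: a key of REQUIRED_KEYS; jsonText: the file's contents;
// mode: numeric POSIX mode, e.g. require('fs').statSync(path).mode.
function checkCredentialFile(cloud, jsonText, mode) {
  if (!Object.prototype.hasOwnProperty.call(REQUIRED_KEYS, cloud)) {
    return [`unknown cloud: ${cloud}`];
  }
  const problems = [];

  // The file holds long-lived secrets, so group and other get no access bits.
  if ((mode & 0o077) !== 0) {
    problems.push(`mode ${(mode & 0o777).toString(8)} grants group/other access; use 600`);
  }

  let creds;
  try {
    creds = JSON.parse(jsonText);
  } catch (err) {
    return problems.concat(`not valid JSON: ${err.message}`);
  }
  if (creds === null || typeof creds !== 'object' || Array.isArray(creds)) {
    return problems.concat('top level must be a JSON object');
  }

  for (const key of REQUIRED_KEYS[cloud]) {
    const value = creds[key];
    if (typeof value !== 'string' || value.length === 0) {
      problems.push(`missing or empty key: ${key}`);
    } else if (PLACEHOLDER.test(value)) {
      problems.push(`placeholder value left in key: ${key}`);
    }
  }
  return problems;
}

// Constructed sample: the AWS template left unedited in a world-readable file.
const SAMPLE = '{"accessKeyId":"YOURACCESSKEY","secretAccessKey":"YOURSECRETKEY"}';
console.log(checkCredentialFile('aws', SAMPLE, 0o100644));
```

An empty array means the file parsed, carries every key the template lists, and is readable only by its owner.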
Example of commands to use
Suppress all results for the acmValidation plugin
Suppress all us-east-1 region results
Suppress all results matching the regex "certificate/*" in all regions for all plugins